WSO2Con USA 2017: Building an Effective API Architecture
2 likes2,138 views
The document outlines the architecture and components of the WSO2 API Manager, detailing the roles of the publisher, store, admin, traffic manager, and gateway in API management. It discusses the storage types and databases used for managing API metadata, runtime data, and analytics, along with the security mechanisms in place, including OAuth2.0 grants. Additionally, it addresses deployment strategies for multi-datacenter scenarios and emphasizes the importance of managing API stages and environments effectively.
![Regional Gateways - Token Prefix Pattern
public class RegionValidator extends AbstractHandler {
public boolean handleRequest(MessageContext messageContext) {
String regionId = System.getProperty(REGION_ID);
if (log.isDebugEnabled()) {
log.debug("Region ID = " + regionId);
}
. . . . . . . . .
if(bearerToken == null || bearerToken.split(" ")[1].startsWith(regionId)){
//No bearer token provided or the provided bearer token is of the expected region.
return true;
}
handleAuthFailure(messageContext);
return false;](https://image.slidesharecdn.com/buildinganeffectiveapiarchitecture-170222092144/85/WSO2Con-USA-2017-Building-an-Effective-API-Architecture-25-320.jpg)
WSO2Con USA 2017: Building an Effective API Architecture
- 3. Understanding the Storage Storage Types • Registry Database - Stores API Meta Data, Tenant Key Stores, Documents, Tags • API Manager Database - Stores API Runtime Data, Application Data, Token Data, etc. • Permissions Database - Stores role to permissions and user to permissions mappings. • Analytics Summary Database - Store API/Application usage summary.
- 4. Understanding the Storage Contd… Component Reads only from Writes to Publisher Permissions DB, Analytics DB Registry, APIM DB Store Permissions DB, Analytics DB, Registry APIM DB Key Manager Permissions DB, APIM DB, Registry Traffic Manager Permissions DB
- 8. API: The runnable artifact <api name="nuwan--Petstore" context="/petstore/1.0.0" version="1.0.0" version-type="context"> <resource methods="POST PUT" url-mapping="/pet"> ………………………….. <resource methods="DELETE PUT GET" uri-template="/user/{username}"> ………………………….. <handlers> <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHa ndler"> ……………………………
- 9. API: The handler flow <handlers> <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.APIMgtLatencyStatsHandler"/> <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"> <property name="apiImplementationType" value="ENDPOINT"/> </handler> <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/> <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.ThrottleHandler"/> <handler class="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtUsageHandler"/> <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/> </handlers>
- 17. Traffic Manager Scalability • The Traffic Manager does not scale • A single Traffic Manager can handle up to 10 Gateways at maximum capacity • If a deployment consists of more than 10 Gateways, the Gateways should be divided into groups of clusters of 10 nodes each, having 1 traffic manager per group.
- 21. API: Stages vs Environments Stage Environment Represents a state of an API Represents the execution runtime of an API in a given state An API may go through modifications when transferring between stages The API Definition is fixed across environments Shouldn’t share data between stages May share data across environments Ownership of the API/data may change across stages Ownership of the API/data remains same across all environments
- 24. Regional Gateways - Token Prefix Pattern public class CustomTokenGenerator extends OauthTokenIssuerImpl { @Override public String accessToken(OAuthTokenReqMessageContext tokReqMsgCtx) throws OAuthSystemException { String regionID = System.getProperty(REGION_ID); if(log.isDebugEnabled()){ log.debug("Region ID = " + regionID); } String accessToken = UUID.randomUUID().toString(); return regionID != null ? regionID + accessToken : accessToken; }
- 25. Regional Gateways - Token Prefix Pattern public class RegionValidator extends AbstractHandler { public boolean handleRequest(MessageContext messageContext) { String regionId = System.getProperty(REGION_ID); if (log.isDebugEnabled()) { log.debug("Region ID = " + regionId); } . . . . . . . . . if(bearerToken == null || bearerToken.split(" ")[1].startsWith(regionId)){ //No bearer token provided or the provided bearer token is of the expected region. return true; } handleAuthFailure(messageContext); return false;
- 26. API Manager: Multi Datacenter Deployment Types of Data Center Deployments • Single Master, Active-Active • Single Master, Active-Passive (Disaster Recovery) • Multi Master, Active-Active
- 28. Thank You!